The hack of a commercially available insulin pump that diabetics can control wirelessly has attracted the attention of US lawmakers who oversee the safety of the nation's airwaves.
In a letter drafted earlier this week, US Representatives Anna Eshoo and Edward Markey asked members of the Government Accountability Office to …

fix the damn thing....

“To our knowledge, there has never been a single reported incident outside of controlled laboratory experiments in more than 30 years of device telemetry use, which includes millions of devices worldwide.”

The fact that you can in a lab means that its possible to do it outside a lab.... the fact that its possible to do it at all means it needs fixing....

Ah

“To our knowledge, there has never been a single reported incident outside of controlled laboratory experiments in more than 30 years of device telemetry use, which includes millions of devices worldwide.”

So that's ok then. Bury your head in the sand because "It can't happen to you" (TM)

So why do you think that the attacked will be able to report it?

Not that it hasn't happened yet...

... just that it hasn't happened to "their knowledge". Of course, its not quite clear how they would have known about it *had* happened, given that it was a risk they were unaware of and weren't looking for.

Someone needs edumacating...

Obviously someone who doesnt know much about diabetes or insulin pumps but... the effects of insulin being pumped into the body are not instantaneous, at least not in the case of available insulin thats on the market, they take a while to do anything and generally you do feel the effects coming on. It would be more dangerous for someone say in charge of a plane...

I was thinking more of heads-of-state...

Don't like your current representative? Hey, we've got a sure fire way to kill him untraceably! Turns out, all you need to do is send him into a diabetic coma - and the best thing is, you only need to get within WIFI range!

Lawyerspeak

“To our knowledge, there has never been a single reported incident outside of controlled laboratory experiments in more than 30 years of device telemetry use, which includes millions of devices worldwide"

Anyone who did die from their devices getting messed with, is in fact dead, has already had the insurance collected on, and we would rather not talk about it, k? CSI couldn't solve it, neither can you.

only done by the "good guys" in the lab?

No reports

"there has never been a single reported incident "

Nobody has reported being killed by this?

And exactly how would they know that it had happened? A diabetic feels ill, or their sugar levels vary unexpectedly, or they drop dead - does anyone check their insulin pump? And would there be any evidence left behind, especially if the attacker set it back to normal levels again later?

Another bit of edumacation needed...

""there has never been a single reported incident "

Nobody has reported being killed by this?

And exactly how would they know that it had happened? A diabetic feels ill, or their sugar levels vary unexpectedly, or they drop dead - does anyone check their insulin pump? And would there be any evidence left behind, especially if the attacker set it back to normal levels again later?"

The pumps keep account of bolus injections that are extra to the basal ones...

Yes you have to check your pump, otherwise how would you change the insulin and cannula every three days? (If you didnt it would run out and youd be in serious trouble)

Yes there would be evidence left behind the insulin takes at least an hour on the quickest types to dissipate and also blood levels would differ to normal, and I would hazard a guess at there being ways of finding out what blood sugar levels where from HBA1C tests.

Medtronic - "To our knowledge..."

"Titanic" mindset

“To our knowledge, there has never been a single reported incident outside of controlled laboratory experiments in more than 30 years of device telemetry use, which includes millions of devices worldwide.”

No right, just like there was never a plane hijacked until someone first hijacked one. That someone manufacturing devices on which lives depend still lives in such a well padded cloud cuckoo land should be a major cause for concern to the regulators and users of such devices, although the inevitable US supersize lawsuit that would result would certainly put paid to any lingering smugness manufacturers may still be harbouring.

As a successful security model, pretending it won't happen to you died the death a long time ago, even for manufacturers of medical devices and voting machines.

Oh good grief people, live in the real world...

In these days of spin and image and scum sucking lawyers everywhere would you really expect a press release on the lines of "We're kakking our pants over this and the boys in the lab are desperately working on a fix..."

That sort of press release tells you exactly nothing about what the company's response to any possible vulnerability is because there are exactly no circumstances in which they'd say anything different.

No such thing as a routine security review

On a device that actually injects insulin, any change at all will mean it has to go back to a complete review by FDA and CE before it can be sold. That's slow and expensive. Modifications to medical devices are not the same as browser patches.

I'm not saying they should ignore a problem; just that announcing an "important security fix" is coming would kill sales of the current devices, and they wouldn't get the replacements on the market for 1.5 to 2 years even if they had their internal development and testing complete next week, so they're not likely to say it.

Review?

Dumbass 30yrs past! We need to care what could be done today or future

“To our knowledge, there has never been a single reported incident outside of controlled laboratory experiments in more than 30 years of device telemetry use, which includes millions of devices worldwide."

Typical lawyer diversion from the real topic! - WHAT CAN/COULD BE DONE TODAY or FUTURE?!!

Gee lets see.... Even in the last 6 months we have new technology, more powerful smartphones, mobile radio devices, near field devices, Internet connected devices (deliberate+accidental).

It's a safe bet any that any experiments you do are far outpaced by the technology & the brainpower of a modern attacker. Checking a few production electronic car keys IS NOT THE SAME as checking for and defending against an unknown modified electronic car key (hardware+software)

We are already certain you don't defend against car keys & smartphones etc. because you say a medical device is not designed to be a car, Internet enabled device or a TV set.....

pump user

My pump at least logs everything it's been doing for at least the last X days, mostly just total daily dose. Also records time and date of X bolus doses as well.

X = Not sure how many records it actually keeps, but I got bored of pressing the buttons once I went back through 50'odd entries.

Not possible with mine as it's not wireless, but even if someone did give me an unexpected bolus I'd know about it soon enough and would soon fix the problem with a bottle of Lucozade. There are also limits set on the pumps to fix maximum potential doses so that I don't over dose by mistaken button presses so the person hacking my pump would need to over ride those setting as well and I don't think those settings were available wirelessly on the demo pumps I looked at before from other manufacturers.

On off on off on off on ...

of course it could be hacked but not all pumps

pumps that link to a Continuous Glucose Meter or use the remote control need to have wireless communication enabled to allow the devices to talk together. This gives an opportunity for someone to remote attack the pump - I doubt the authenication and encryption is strong enough to keep someone determined out. If you are not using one of these functions you can switch it off. Course if you are using an Omnipod you are out of luck - all the controls are on the remote so you must use it.

If you are using a non-integrated pump - ie the CGMS does not talk directly to the pump - then you don't need the wireless on.

Given that my pump and CGMS have difficulty talking with each other when they are more than about 30cm apart and you can't turn off the bloody beeping sound when you do anything I would probably notice someone attempting to adjust it, but you never know.

This is different from popping pills with some new molecule.

You can only trust that he FDA did its approvals correctly (probably not) and Pfizer didn't deep-six the study showing inconvenient results (probably not) or that the production machine was squeaky clean (probably but sometimes not).

To add insult to injury, you get to pay top dollar because of the patent before your liver gives out.

Yes, this needs to be fixed

Yes, this vulnerability needs to be fixed, just like the myriad other ones in the world.

But it's a sad testament that we would NEED to fix something like this to prevent someone from possibly doing harm.

While I know it's not 1950 where (supposedly) you could just leave your keys in your car, not lock your front door, etc., where does it end? Eventually we'll be living in houses with shatter-proof windows in the off chance someone may throw a brick, and even toilet paper will have warning labels and come with an instructional DVD. (though that might not be bad for some people)

Eh?????

RE: Eh?????

Of course it need a communication protocol, how else is the user going to tell it how much insulin to give? (This needs to be adjusted for diet, in case you didn't know.) A remote is very handy, because the device itself is worn under clothing and a wired remote would just end up getting tangled in things, not to mention making the user feel (even more) like some kind of freakish cyborg. So wireless seems like the way to go, If they could just figure out how to make it secure.

RE: Eh?????............

It doesnt need any kind of communication protocol and since when did a patient decide exactley how much of their medication they need.

Insulin (and most other self administered injectable drugs) are a pre set dose.

The device only needs to be able to deliver say, 10mils every 4 hours. Or whatever.

At no point should a user be able to modify this out side some pre set parameters without a medical proffesionals say so. More importantly a NON user should have no hope whatsoever.

Even morphine injectors for use with cancer or other hugely painful cinditions can not deliver more than a preset amount in a certain time frame, and whilst the user can happily click away pumping the stuff in, the device stops over administration of the drug. 50 mils in a 5 hour period, ok, but not 51 till that 5 hour time is up!! Which is how they should work and indeed did.

So, as i said, the DOCTOR decides how much should be given. NOT the patient. The need for this device to be remotly controlled is utterly pointless and is there because someone decided it could. Not should, or must but because it could....An appliance waiting for an application....

Let's add a bit more common sense

Diabetics who don't get enough insulin will eventually enter a coma. It is thus VITAL that the dosages from an insulin pump must be readable and for preference adjustable by a person other than the user.

@cornz 1

"since when did a patient decide exactley how much of their medication they need."

Adults with type 1 diabetes (like me) typically manage their condition themselves. I measure my blood glucose, estimate the carbs that I'm eating and the exercise that I'm taking and decide how much insulin I need to inject. I meet with a diabetes consultant or specialist nurse every six months to discuss how this self-management is going.

"At no point should a user be able to modify this out side some pre set parameters without a medical proffesionals say so."

I'm afraid you're simply wrong. Not just for diabetes but for many other long-term conditions, so-called "expert patient" schemes where the individual is given day-to-day control are quite commonplace. The days when such conditions were micro-managed by a medical professional are (happily) long since passed.

@cornz1 - The basics of diabetic control

I'm sorry Mr/s. Cornz, but you could hardly be more wrong on just about everything you've written.

The diabetic herself decides, from day to day, even from hour to hour, how much insulin to inject/pump. This varies around an "ideal" dose, and depends massively on what is eaten, degree of exercise, degree of stress, etc. The amount of variation can easily be as much as 50%, or even more whilst suffering an infectious disease.

The doctor does NOT decide how much insulin should be given, except by giving individual guidelines.

The whole idea of an insulin pump is for a diabetic to be able to adjust the dose of insulin easily and rapidly, and to give boosts just before (or after) meals.

I sincerely hope you never have cause to discover these things for yourself.

Not always........

"Insulin (and most other self administered injectable drugs) are a pre set dose."

Bolus insulin is a pre-set dose that doesn't usually change without a doctor's say-so, BUT short-acting insulins are variable dose and can change from meal to meal, depending on the diabetic's blood sugar at the meal and the number of carbs in the meal. The doctor can give a base range for the short-acting insulin, but has no say over how much is actually administered at each meal as zie is not there to observe the exact conditions and dispense dosing advice. I know this because my husband has type 2 diabetes and his short-acting insulin dosages can range anywhere from 25 units to 50 units, at MY discretion, NOT the doctor's (I'm the one who figures out his dosages based on blood sugar and carb consumption and I'm better at it than the doctor is).

But you cannot

over-ride the pump unit to give you ALL the insulin in one go!!

This is the point im making. If (and i do speak ferom experience here) you are given an auto injector for morphine, you can administer it to yourself all day long, however, you cannot exceed a pre-determined amount or number of shots per day.

So you have 100mls of solution, to be administered 10 times a day.

Perhaps you can administer 5 of these in an hour, 5 the next but then you cannot administer anymore until the 24 hour period is up....

If, remotely, someone can adjust that without the users consent or knowledge then thats a stupid idea...

diabetes control is in the hands of the patient, not the doctor

"So, as i said, the DOCTOR decides how much should be given. NOT the patient. The need for this device to be remotly controlled is utterly pointless and is there because someone decided it could. Not should, or must but because it could....An appliance waiting for an application..."

Fairly safe to say that cornz 1 has no experience with Type 1 diabetes at all (Type 2 is a completely different kettle of fish).

My doctor has NO say in what my dosages are. He/she can advise or recommend but seeing as I live with this 24/7 and I see them for 5 minutes every 3 months to get my prescription renewed, I have a much better idea of how to manage my diabetes that they do. I will never take instruction from them, only advice.

@cornz 1

"But you cannot over-ride the pump unit to give you ALL the insulin in one go!!"

I can give myself as much or as little insulin as I like whenever I like. I am in complete day-to-day control of my insulin.

"Thats my point....

Sheesh......"

Your point was bollocks. Several people have tried to explain why your point was bollocks. If you had a bit of dignity at this point you would acknowledge that you were wrong and thank people for improving your understanding. But you'll probably just slink away or post some more backpedaling sprinkled with exclamation marks. Grow up.

"So far, so good"

Been coming for a *very* long time.

There's an old DDJ article about a guy trying to unscramble the serial port data from his glucose monitor.

As the actual *device* sets smaller (more concentrated insulin, more efficient pump design, smaller batteries) the UI (the buttons) become the limiting factor on reduction.

But what's OK for a *Monitor* should change *radically* when you can actually effect stuff IRL.

Logging the last changes is just a *start* (and note I'll bet that's just a good idea, *not* mandatory in the design of medical devices).

BTW some countries have a "Grandfather" provision for medical devices *unlike* drugs.

So I say "It's an insulin pump, just like insulin pump X" and the licensing authorities say "Fair enough type X passed you're clear to go."

It doesn't have to be *better* it just has to be *different* (but not *too* different).

While the idea that no one would investigate a diabetic whose just going along and suffers a massive insulin OD should be *very* far fetched given competent forensic techs and autopsy it's less clear cut if they were *doing* something which damaged the body. Driving a car would be the obvious one but I'm sure someone motivated to do this would find others.

It's probably like an RFID chip.

@Anonymous John

So absolutely no problem to kill someone in a packed commuter train when you're wedged up against him with your sequential channel scanning diabetic-o-zapem(tm)

Anyway, the RFID range limit is a false security as has already been shown with the RFID passports. Both ends of the link don't need to be high power or have comparatively large directional antennas, only one. So back to the packed tube train, you could stand at one end, and attack half the carriage - how nice of them to all stand within the couple of degree field of your antenna, hidden in the oh so obvious piece of luggage at your feet.

The incidence of type 1 diabetes is about 10 people per 100k

Of that small population, a small subset will be using a pump rather than pens, and a smaller subset of those will be using a pump whose dose can be adjusted wirelessly, and an even smaller subset of those will be using the particular type of pump whose vulnerability your imaginary wireless murder machine would be targetting. So if you're lucky, you'll find one potential victim in every thousand packed tube carriages.